Cisco ASA 5510 drop outgoing connections

mohamed sebaey
Level 1

Dear Experts

 

I have a big problem. I have one proxy with a static NAT to a public IP. This proxy allows users to get internet access, but after 30 minutes it goes down. I checked with my ISP and proxy vendor and both confirmed that there are no issues on their side. I didn't do any configuration related to connection limits. Kindly find the below:


# show running-config policy-map
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect dns
 class class_ftp
  inspect ftp
 class ips-class
  ips inline fail-open
 class default
 class TCP_Bffer
 class class-default
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map type inspect dns TV-PLC
 parameters
  message-length maximum 512
 match domain-name regex class TV-CLS
  drop

 

 

----------------------------------------------------------------------------------------------------------

#show run

static (inside,outside) x.x.x.x y.y.y.y  netmask 255.255.255.255

 

I found in my ASA logs that my proxy IP address is treated as a threat, as below; I think it is because I have threat detection enabled. Is this causing my proxy IP to be blocked from going out to the internet for 1 hr, after which the internet comes back? And if threat detection blocks my internal IP, how can I allow my internal IP y.y.y.y to be a trusted IP address?

 

 

 

Apr 26 2015 13:08:50: %ASA-4-401004: Shunned packet: y.y.y.y  ==> 128.121.22.133 on interface inside
Apr 26 2015 13:08:53: %ASA-4-401004: Shunned packet: 10.0.103.251 ==> 216.58.210.164 on interface inside
Apr 26 2015 13:08:53: %ASA-4-401004: Shunned packet: 10.0.103.251 ==> 50.116.45.243 on interface inside

Note: My proxy IP allows hundreds of PCs to go to the internet.

 

 

Any idea, please.

Thanks

2 Replies

Vibhor Amrodia
Cisco Employee

Hi,

You must have threat-detection scanning-threat enabled on the ASA device, and hence the IP is automatically being blocked on the ASA device.

You can use an except rule on the ASA device to prevent it from blocking this IP:

threat-detection scanning-threat except <IP address>

Thanks and Regards,

Vibhor Amrodia
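To tell which internal hosts the ASA is actually shunning before adding exceptions, here is an added example (not from the thread or from Cisco) that parses %ASA-4-401004 "Shunned packet" syslog lines, counts shunned packets per source on the inside interface, and emits exception commands only for hosts on an operator-maintained proxy allow-list. The sample log lines and the 10.0.0.5 proxy address are constructed; the command is written in its full `threat-detection scanning-threat shun except ip-address <ip> <mask>` form.

```python
import re
from collections import Counter

# Constructed sample syslog, in the format seen in the thread. One line is a
# non-shun message and one shun is on the outside interface, to show filtering.
SAMPLE_LOG = """\
Apr 26 2015 13:08:50: %ASA-4-401004: Shunned packet: 10.0.0.5  ==> 128.121.22.133 on interface inside
Apr 26 2015 13:08:53: %ASA-4-401004: Shunned packet: 10.0.103.251 ==> 216.58.210.164 on interface inside
Apr 26 2015 13:08:53: %ASA-4-401004: Shunned packet: 10.0.103.251 ==> 50.116.45.243 on interface inside
Apr 26 2015 13:08:54: %ASA-4-401004: Shunned packet: 10.0.0.5 ==> 93.184.216.34 on interface inside
Apr 26 2015 13:08:55: %ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.4/443 (203.0.113.4/443) to inside:10.0.0.5/51000 (10.0.0.5/51000)
Apr 26 2015 13:09:01: %ASA-4-401004: Shunned packet: 203.0.113.9 ==> 10.0.0.5 on interface outside
"""

# Matches the 401004 message; the source/destination separator may carry extra spaces.
SHUN_RE = re.compile(
    r"%ASA-4-401004: Shunned packet: (?P<src>\d+\.\d+\.\d+\.\d+)\s+==>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+) on interface (?P<iface>\S+)"
)


def parse_shun_events(log_text):
    """Return (src, dst, iface) for every 401004 shun line; other messages are ignored."""
    events = []
    for line in log_text.splitlines():
        m = SHUN_RE.search(line)
        if m:
            events.append((m.group("src"), m.group("dst"), m.group("iface")))
    return events


def shunned_sources(log_text, interface="inside"):
    """Count shunned packets per source address seen on the given interface."""
    counts = Counter()
    for src, _dst, iface in parse_shun_events(log_text):
        if iface == interface:
            counts[src] += 1
    return counts


def except_commands(log_text, known_proxies):
    """Emit shun-exception commands only for shunned hosts that are on the
    operator's allow-list (e.g. the NATed proxy), never for every shunned host."""
    shunned = shunned_sources(log_text)
    return [
        f"threat-detection scanning-threat shun except ip-address {ip} 255.255.255.255"
        for ip in sorted(shunned) if ip in known_proxies
    ]
```

Hosts that are shunned but not on the allow-list (10.0.103.251 in the sample) stay blocked and should be investigated rather than excepted.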

Thanks again and again Vibhor, you helped me a lot and I learned a lot from you. I enabled threat detection again with an exception for my proxy list, and I will update you on whether I get any drops or not.
